Keith C. Perry on 4 Jul 2017 09:18:15 -0700


Re: [PLUG] Firewall choices for a small software development business

+1 here...  I was initially against the concept of having to use a "controller", free or not, to manage wifi devices, but not only did it make things easier to manage client networks, once I burned out my last Buffalo units and deployed Unifi waps and switches at home I have to say, I would find it hard to go back.

I run Ubuntu so the software would work fine for me but my approach has been to deploy the controller as a VM and then run it as needed from a server.  You actually don't need it running full time unless you are using the guest services functions.  The controller contains a small web server that you can deploy your landing pages to...

Sorry, off topic: I don't run the Unifi Security Gateway but if you are looking for a more integrated solution, especially if you are running a number of waps, poe devices, Unifi stuff for layer 2 management is hard to beat.  Integration of the security gateway as well as their router devices allows it to become a very manageable system.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167

From: "Lowell Higley" <>
To: "Philadelphia Linux User's Group Discussion List" <>
Sent: Tuesday, July 4, 2017 10:18:42 AM
Subject: Re: [PLUG] Firewall choices for a small software development business

This isn't open source but I found the solution to be pretty good. 
Unifi Security Gateway [Amazon] [Ubiquiti]

It has a firewall but has a lot of additional functionality when combined with the controller software (free).  I used to be an OpenWRT guy but found this to be a much better solution. I can manage all of my network hardware (as long as it is Unifi hardware) from a single interface, create VLANs, manage APs, guest LANs, upgrade hardware, etc.  I'm pretty pleased with it and the hardware is pretty reasonably priced.  They even have a mobile app where you can manage/monitor your network hardware. I've found the ecosystem to be reasonably priced.  $100 for the Security Gateway.

Ubiquiti, I believe, started out as a WISP hardware vendor and then expanded from there.  I've found most of their stuff to be excellent.  The only weakness is the controller UI doesn't have all the capabilities you may want (say openvpn client) but you can ssh into the hardware and configure that way.  The other downfall, imho, is they only officially support Debian based distros.  They do release a zip file (unsupported) that I use on Arch and there is a community created/supported RPM for RH/CentOS.

Hint: You can join their beta program and get hardware at 50%.  I've bought a lot of hardware this way and never had a problem with any of it.  You have to stay on top of it because the beta hardware moves pretty fast.

On Mon, Jul 3, 2017 at 11:40 AM, K.S. Bhaskar <> wrote:
A couple of weeks hence, our new software startup YottaDB LLC ( will move into new space in Malvern, and I need to set up Internet access. Both Comcast and Verizon are available on the building, and I haven't chosen one.

This e-mail is to solicit opinions about a firewall. I don't know what sort of firewall they provide by default with business Internet service (perhaps none?) but I suspect I will need to set up our own firewall as well. We are starting out with three developers, and will scale up over a year to perhaps a half dozen and at most a dozen. I don't anticipate hosting our web site locally, but I will need inbound access, for which I am currently thinking of ssh with port knocking, rather than VPN.

It seems to me there are three choices:
  • Buy a router (discussed on the list recently), or perhaps
    flash an existing router from OpenWRT 12.09 to a newer release.
  • Get a dedicated PC and:
    • run a specialized distro like IPFire or ClearOS; or
    • run a general distro like Debian Stable and a firewall like Shorewall.

Comments, suggestions, and recommendations welcome. Thanks in advance.

-- Bhaskar

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
